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AMENDMENTS TO CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

1 . (Previously Presented) A data carrier comprising: 

a semiconductor chip having: 
at least one memory; 

an operating program stored in said memory; and 
a plurality of operating program commands contained in said 
operating program, each command causing signals detectable 
from outside the semiconductor chip during execution of the 
command within the semiconductor chip, 
wherein the data carrier is arranged to perform security-relevant operations solely by 

executing selected said operating program commands under one of the following conditions: 
said selected operating program commands are operating program commands of such a 

kind that data processed with the corresponding program commands cannot be inferred from said 

signals that are caused by execution of said commands and that have been detected outside the 

semiconductor chip, or 

said operating program commands are executed by the operating program in such a way 

that the data processed with the corresponding operating program commands cannot be inferred 

from said signals that are caused by execution of said commands and that have been detected 

outside the semiconductor chip. 

2. (Previously Presented) A data carrier according to claim 1, wherein the executed operating 
program commands are designed for at least byte-by-byte processing of data. 
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3. (Previously Presented) A data carrier according to claim 1, wherein the operating program 
commands are selected such that the commands cannot be distinguished based on signal patterns 
caused thereby. 

4. (Previously Presented) A data carrier according to claim 1, wherein the executed operating 
program commands each lead to a signal pattern which is substantially independent of the data 
processed with the corresponding command. 

5. (Previously Presented) A data carrier according to claim 1, wherein the operating program is 
arranged to execute a series of operations (/), input data being required for executing the 
operations (/) and output data being generated by execution of the operations (/), said operations 
(J) including the following operations: 

falsification the input data by combination with auxiliary data (Z) before execution of one 
or more operations (/), 

combination of the output data determined by execution of the one or more operations 
(/) with an auxiliary function value (J{Z)) in order to compensate for the falsification of 
the input data, 

wherein the auxiliary function value (/(Z)) was previously determined by execution of the 
one or more operations (/) with the auxiliary data (Z) as input data in safe surroundings 
and stored on the data carrier (1) along with the auxiliary data (Z). 

6. (Previously Presented) A data carrier according to claim 5, wherein the combination with the 
auxiliary function values (/(Z)) for compensating the falsification is performed at the latest 
directly before execution of an operation (g) which is nonlinear with respect to the combination 
generating the falsification. 

7. (Previously Presented) A data carrier according to claim 5, wherein the auxiliary data (Z) are 
varied, the corresponding function values being stored in the memory of the data carrier. 
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8. (Previously Presented) A data carrier according to claim 7, wherein new auxiliary values (Z) 
and new auxiliary function values (/(Z)) are generated by combining two or more existing 
auxiliary data (Z) and auxiliary function values (/(Z)). 

9. (Previously Presented) A data carrier according to claim 8, wherein the two or more existing 
auxiliary data (Z) and auxiliary function values (/(Z)) intended for the combination are each 
selected randomly. 

1 0. (Previously Presented) A data carrier according to claim 5, wherein pairs of auxiliary data (Z) 
and auxiliary function values (/(Z)) are generated by a generator without the operation (/(Z)) 
being applied to the auxiliary data (Z). 

1 1 . (Previously Presented) A data carrier according to claim 5, wherein the auxiliary data (Z) are 
a random number. 

12. (Previously Presented) A data carrier according to claim 5, wherein the combination is an 
XOR operation. 

13. (Previously Presented) A data carrier according to claim 1, wherein the operating program 
is arranged to execute a plurality of operations, wherein for at least a subset of said operations, 
the total result achieved by execution of several operations of the subset does not depend on the 
order of execution of the operations, and wherein the order of execution of the stated subset of 
operations is varied at least when the subset contains one or more security-relevant operations. 

14. (Previously Presented) A data carrier according to claim 13, wherein the order of execution 
is varied at each run through the stated subset of operations. 

15. (Previously Presented) A data carrier according to claim 13, wherein the order of execution 
is varied according to a fixed principle. 
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16. (Previously Presented) A data carrier according to claim 13, wherein the order of execution 
is varied randomly. 

17. (Previously Presented) A data carrier according to claim 13, wherein the order of execution 
is varied in accordance with the data processed with the operations (/). 

18. (Previously Presented) A data carrier according to claim 13, wherein the order of execution 
is fixed before execution of the first operation (/) of the subset for all operation of the subset 
whose execution is intended to be directly successive. 

19. (Previously Presented) A data carrier according to claim 13, wherein, before the onset of 
execution of an operation (f) of the subset, the operation of the subset whose execution is 
intended to be successive and that is to be executed next, is fixed. 

20. (Previously Presented) A data carrier according to claim 1, wherein the security-relevant 
operations are key permutations or permutations of other secret data. 

2 1 . (Previously Presented) A data carrier according to claim 1 , wherein the data carrier is a smart 
card. 

22. (Previously Presented) A method for executing security-relevant operations in a data carrier 
with a semiconductor chip having at least one memory in which an operating program containing 
a plurality of commands is stored, each command causing signals detectable from outside the 
semiconductor chip during execution of the command within the semiconductor chip, comprising 
the step of causing the data carrier to perform security-relevant operations if) solely by executing 
said operating program commands, said step of causing the data carrier to perform security- 
relevant operations comprising one of the following steps: 

executing only selected said operating program commands that are operating program 
commands of such a kind that data processed with the corresponding operating program 
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commands cannot be inferred from said signals that are caused by execution of said operating 
program commands and that have been detected outside the semiconductor chip, or 

executing said operating program commands in such a way that the data processed with 
the corresponding operating program commands cannot be inferred from said signals that are 
caused by execution of said operating program commands and that have been detected outside 
the semiconductor chip. 

23. (Previously Presented) A method according to claim 22, wherein the executed operating 
program commands employ data present at least byte by byte. 

24. (Previously Presented) A method according to claim 22, wherein the operating program 
commands selected such that the commands cannot be distinguished based on signal patterns 
caused thereby. 

25. (Previously Presented) A method according to claim 22, wherein the executed operating 
program commands each lead to a signal pattern which is substantially independent of the data 
processed with the command. 

26. (Previously Presented) A method for protecting secret data serving as input data for one or 
more operations, comprising the steps of: 

falsifying the input data by combination with auxiliary data (Z) before execution of one 
or more operations (/), 

combining the output data determined by execution of the one or more operations (/) with 
an auxiliary function value (/(Z)) in order to compensate for the falsification of the input 
data, 

wherein the auxiliary function value (/(Z)) was previously determined by execution of the 
one or more operations (f) with the auxiliary data (Z) as input data in safe surroundings 
and stored along with the auxiliary data (Z). 
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27. (Previously Presented) A method according to claim 26, wherein the combination with the 
auxiliary function values (f{Z)) for compensating the falsification is performed at the latest 
directly before execution of an operation (g) which is nonlinear with respect to the combination 
generating the falsification. 

28. (Currently Amended) A method according to claim 26, wherein the auxiliary data (Z) are 
varied, the corresponding function values being stored in the-ajnemory of the-a_data carrier. 

29. (Previously Presented) A method according to claim 28, wherein new auxiliary values (2) and 
new auxiliary function values (j{Z)) are generated by combining two or more existing auxiliary 
data (Z) and auxiliary function values (/(Z)). 

30. (Currently Amended) A method according to claim 29, wherein the two or more existing 
auxiliary data (Z) and auxiliary function values (/(Z)) intended for th e combination that are 
combined to generate the new auxiliary values (Z) and new auxiliary function values (f(Z)) are 
each selected randomly. 

3 1 . (Previously Presented) A method according to claim 26, wherein pairs of auxiliary data (Z) 
and auxiliary function values (/(Z)) are generated by a generator without the operation (/(Z)) 
being applied to the auxiliary data (Z). 

32. (Previously Presented) A method according to claim 26, wherein the auxiliary data (Z) are 
a random number. 

3 3 . (Currently Amended) A method according to claim 26 , wherein the combination is the output 
data and the auxiliary function value are combined by an XOR operation. 

34. (Previously Presented) A method for executing a plurality of operations (/) within the 
operating system of a data carrier, comprising the steps of: 
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executing the plurality of operations (J) in such a manner that, for at least a subset of said 
operations, the total result achieved by execution of several operations of the subset does not 
depend on the order of execution of the operations, and 

varying the order of execution of the stated subset of operations at least when the subset 
contains one or more security-relevant operations. 

35. (Previously Presented) A method according to claim 34, wherein the order of execution is 
varied at each run through the stated subset of operations. 

36. (Previously Presented) A method according to claim 34, wherein the order of execution is 
varied according to a fixed principle. 

37. (Previously Presented) A method according to claim 34, wherein the order of execution is 
varied randomly. 

38. (Previously Presented) A method according to claim 34, wherein the order of execution is 
varied in accordance with the data processed with the operations (/). 

39. (Previously Presented) A method according to claim 34, wherein the order of execution is 
fixed before execution of the first operation (/) of the subset for all operation of the subset whose 
execution is intended to be directly successive. 

40. (Previously Presented) A method according to claim 35, further comprising the step of fixing, 
before the onset of execution of an operation (f) of the subset, which operation of the subset 
whose execution is intended to be successive is executed next. 

41. (Previously Presented) A method according to claim 22, wherein the security-relevant 
operations are key permutations or permutations of other secret data. 
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42. (Previously Presented) A method according to claim 26, wherein the security-relevant 
operations are key permutations or permutations of other secret data. 

43. (Previously Presented) A method according to claim 34, wherein the security-relevant 
operations are key permutations or permutations of other secret data. 
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